{
  config,
  lib,
  pkgs,
  ...
}: {
  config = {
    networking = {
      firewall = {
        enable = true;
        allowedTCPPorts = [
          # ssh
          22

          # http, https
          80
          443

          # syncthing web ui
          8384

          # syncthing
          22000

          # mumble
          64738
        ];
        allowedUDPPorts = [
          8080

          # other
          12333

          # syncthing discovery
          21027

          # mumble
          64738
        ];
      };
    };
  };
}